CISOSHARE is quickly growing and searching for an experienced analyst to support client projects in an expanding and diverse client portfolio. CISOSHARE is the leader in Cyber Security Program Development, headquartered in Orange County, California. Our team has over fifteen years of experience in this niche cyber security field, which has become one of the most in-demand cyber security services requested across major global and emerging businesses.
During COVID, demand for our services has accelerated as organizations have turned to a remote model and need to meet the associated challenges with security systems and data in a decentralized model. These demands require designing and implementing written and technical controls while providing advisory services to leadership and business units to solve organizational security challenges.
WHO WE ARE LOOKING FOR:
An experienced cyber security professional with a distinguished background in security program operations or development, either as an internal practitioner or consultant. Often our team is built with resources who are looking for a challenge and non-stale culture. Perhaps you’ve been on an internal security team and are burned out seeing the same problems. Or you’re a consultant in a stuffy environment and are willing to bring your skills and knowledge to a startup culture.
We’re looking for a Consultant who can combine technical knowledge with compliance requirements to apply practical cyber security solutions that address the strategic and tactical needs of clients. We need someone who can effectively communicate a vision and plan by acting as a subject matter expert for the security program across multiple customers.
We want a consultant who can work with the CISOSHARE team to provide a consultative approach by leveraging their experience and knowledge to develop solutions enabling clients to increase their compliance maturity, increase sales velocity, decrease sales time to close, mature security controls and architectures, migrate to cloud solutions, and develop increasingly secure applications. During the execution and delivery of solutions, the consultant will be the first line of quality assurance to make sure CISOSHARE presents well-constructed deliverables that comprehensively and clearly solve client problems.
The ideal consultant will also know their boundaries and limitations, when to ask for help, and when to escalate to someone who can help provide the answer. We want someone flexible and open to the challenges of consulting, who can not only perform a risk assessment or vulnerability scan but can also quickly gain the confidence to take on new challenges.
RESPONSIBILITIES AND DUTIES:
- Lead projects to develop best practice policy and processes in security risk, vulnerability, incident, program management, and other security domains.
- Drive and prepare organizational alignment of the security program to NIST, ISO 27001/2, SOC2 Type I and II, HITRUST, PCI-DSS, and other industry or compliance standards.
- Lead security policy and process development projects to align clients with best practice frameworks.
- Lead security program governance and communication framework projects.
- Translate business requirements into technical and programmatic security requirements.
- Enable clients to meet business objectives by providing technical and operational expertise of Information Technology and Information Security practices, processes, and applications.
- Communicate status of remediation tasks to the security program, compliance, and business management.
- Contribute to executive security program review meetings.
- Support business compliance with risk, audit, regulatory, and legal requirements.
- Collaborate with CISOSHARE and client security architecture resources to implement and maintain a mature suite of preventive and detective safeguards.
- Support account managers and sales to communicate the status of work and value add.
- Contribute to project management plans, work breakdown structures, and status reporting for deliverable tracking to clients.
- Review deliverables for content and formatting quality.
- Support clients’ Chief Information Security Officers (CISOs) in the development and execution of risk management, vulnerability management, and incident management programs – policies, standards, processes, and performance of tasks.
- Develop standards, baselines, and processes associated with security operations and engineering.
- Develop and maintain cyber security program communication framework, processes, and content to support key business stakeholders – Chief Information Officers (CIOs), Privacy Officers, Chief Technology Officers (CTOs), Legal Counsel, and other key management.
- Travel up to 20%
- Perform other duties as assigned
QUALIFICATIONS AND SKILLS – EDUCATION, EXPERIENCE, AND TRAINING:
- A Professional – a minimum of 7 years in an information technology or security role. We realize no one knows everything, but it’s certainly helpful to build upon experiences from working in the following roles: helpdesk, infrastructure, audit, governance, risk, or compliance analyst; IAM, vulnerability management, incident management, security operations center, etc.
- Verbal communication extraordinaire – patient, know how to work with personalities, concisely articulate tough concepts. Translate technical concepts to a non-technical person and vice versa.
- Swift with a keyboard – strong “written” communicator with attention to detail, competent business writer, drive a point, and not offend.
- Multi-task capable – Knows how to deal with competing priorities. Give attention when it’s needed, and politely push back as needed.
- Collaborator – able to work within CISOSHARE but able to step into any environment and figure out how to make progress.
- Professor – you enjoy teaching clients or coworkers concepts that are not native to the average person. You’re able to translate security concepts to the layman and spread knowledge to make the team better.
- Knowledge of Active Directory, system hardening, the concept of least privilege, network segmentation, operating systems, logging and monitoring, application architectures, data classification, and other relevant supporting knowledge.
- Familiar with, and can speak upon a wide range of Information Technology and Information Security technologies, tools, practices, and processes including but not limited to IT/IS operations, vulnerability management, patch management, asset management, risk management, change management, identity & access management, encryption standards, physical security, network security, endpoint security, backups, BCP/DR, cloud services, virtualization, and automation.
- Experience with best practice and compliance requirements and standards – NIST 800-53, NIST CSF, DFARS, CMMC, C2M2, ISO 27001/2, SOX, GITC, OWASP, HIPAA, SOC2, GDPR, CCPA/RA, PCI-DSS, etc.
- Culturally aware and adaptive customer service approach
- 3-5 years of cyber security consulting experience
- Bachelor’s degree, preferably in Information Systems Management, Computer Science, Criminal Justice, or a related field, or equivalent
- Experience implementing or operating governance risk and compliance, vulnerability management, access management, incident management, or monitoring & alerting tools
- Experience with endpoint protection, EDR, SIEM, firewalls, IDS/IPS, DLP, CASB, secure email gateways, MDM, web content filtering, AWS/GCP/Azure security
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications
CERTIFICATES, LICENSES, REGISTRATIONS:
Must have a valid state driver’s license with a good driving record
Office 365 Suite
Word processing software (Microsoft Word)
Excel spreadsheets, pivot tables
Visio diagram and designs
Outlook email and calendars
Familiar with chat applications (Teams, Slack, etc.), online meetings (Zoom, GoToMeeting, etc.), and other collaboration tools
Work in an emerging career field
Experience a small company culture while supporting a global client portfolio
Opportunity to grow and take a larger role/responsibility
Unlimited time off